Malicious

25e6ab99f024b540783cace2a156ad07

WSF File | MD5: 25e6ab99f024b540783cace2a156ad07 | Size: 16.21 MB | application/xml

Characteristics
MD5: 25e6ab99f024b540783cace2a156ad07
Sha1: 4e1b51258e5c80d222f3c4f7c0a6b011ed4539d8
Sha256: cb7152dfc85b55593133b9cc855193a64cca9729eef74952cd4e63910feceba5
Sha384: dea36c3453b900875a76480c0591a4ad16e781d212214a939dd5cae8f46ebe693e6c91aeeceda1a0e4b662da886f7f29
Sha512: 8546bc206f3ffab46bd599440df22cacacb62e67138311b7d8007ee0dcfc1307a2bec189a4d579cab23cf015876c2f50f8a20c3459c67d2c43db9868b3daaf4e
SSDeep: 196608:FDTJ0scmsbkWSsQObAbN04A4cv0GZBl/JbPC:F/J0scmsb9NQIAO4CtBZVC
TLSH: D7F68D9523FC2A35E3B74B35A970B21A05367C2EA901D7DF1B85B65D2972280CDE0B73

PeID

Borland Delphi 7 - Nstd EP - ASL sign
MASM/TASM - sig4 (h)
Microsoft Visual C++ v6.0 DLL
UPolyX 0.3 -> delikon
File Structure
Structure
  DosHeader
  PE Header
  Optional Header (x86)
  Section Headers
    CODE
    DATA
    BSS
    .idata
    .tls
    .rdata
    .reloc
    .rsrc
  Resources
    RT_ICON
      ID:0001
        ID:0
      ID:0002
        ID:0
      ID:0003
        ID:0
      ID:0004
        ID:0
      ID:0005
        ID:0
      ID:0006
        ID:0
      ID:0007
        ID:0
    RT_RCDATA
      ID:0000
        ID:0
Structure
  DosHeader
  PE Header
  Optional Header (x64)
  Section Headers
    .text
    .rdata
    .data
    .pdata
    _RDATA
    .reloc
    .rsrc
    UPX0
    UPX1
    UPX2
  Optional Header (x86)
  Resources
    RT_MANIFEST
      ID:0001
        ID:0
    RT_GROUP_CURSOR4
      ID:7F00
        ID:0
    RT_VERSION
      ID:0001
        ID:0
Malware Configuration - URLs in VBA/VBS Code
Artefacts
PDB Path: D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb
